CNNVD-202509-3996 Information
CNNVD ID
CNNVD-202509-3996
Related CVE
- CNNVD Published: 2025-09-25
Description (Chinese)
Sistemas Pleno Gestão de Locação是巴西Sistemas Pleno公司的一个房地产租赁软件。 Sistemas Pleno Gestão de Locação 2025.7.x及之前版本存在安全漏洞,该漏洞源于对文件/api/areacliente/pessoa/validarCpf中参数pes_cpf的错误操作,可能导致授权绕过。
Description (English)
Sistemas Pleno Gestão de Locação is a real estate rental software of the Brazilian company Sistemas Pleno. Sistemas Pleno Gestão de Locação 2025.7.x and previous versions contain a security loophole, which stems from an error in the application of the parameter pes cpf in the document/api/arreacliente/pessoa/validarCpf, which could lead to a circumvention of the authorization.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
Sistemas Pleno
Published
2025-09-25
Last Modified
2026-02-24
References
https://github.com/lfparizzi/CVE-Sistemas_Pleno/tree/main https://github.com/lfparizzi/CVE-Sistemas_Pleno/tree/main?tab=readme-ov-file#-proofs https://vuldb.com/?ctiid.325817 https://vuldb.com/?id.325817 https://vuldb.com/?submit.652282
Share on: